SHA256: 9fd03451e18b8c33caca6d89aee260886e2b6a2e77f2d6af9d6981389e7822e3
File name: SCANNED DOCS,jpg.exe
Detection ratio: 17 / 55
Analysis date: 2015-10-29 08:33:58 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Dropped:Trojan.GenericKD.2832472 20151029
Arcabit Trojan.Generic.D2B3858 20151029
Avast Win32:Malware-gen 20151029
BitDefender Dropped:Trojan.GenericKD.2832472 20151029
Emsisoft Dropped:Trojan.GenericKD.2832472 (B) 20151029
ESET-NOD32 a variant of Win32/Injector.CLIP 20151029
F-Secure Trojan.GenericKD.2832472 20151029
GData Dropped:Trojan.GenericKD.2832472 20151029
Ikarus Trojan.Win32.Injector 20151029
K7AntiVirus Trojan ( 004d546c1 ) 20151029
K7GW Trojan ( 004d546c1 ) 20151029
Kaspersky Trojan.Win32.Yakes.mzzo 20151029
Malwarebytes Ransom.CryptoWall 20151029
McAfee Artemis!EFC7210F7DBC 20151029
eScan Dropped:Trojan.GenericKD.2832472 20151029
nProtect Trojan/W32.Agent.457216.Z 20151029
Sophos Troj/MDrop-GWI 20151029
AegisLab 20151029
Yandex 20151028
AhnLab-V3 20151028
Alibaba 20151029
ALYac 20151029
Antiy-AVL 20151029
AVG 20151029
Avira (no cloud) 20151029
AVware 20151029
Baidu-International 20151028
Bkav 20151028
ByteHero 20151029
CAT-QuickHeal 20151029
ClamAV 20151029
CMC 20151029
Comodo 20151029
Cyren 20151029
DrWeb 20151029
F-Prot 20151029
Fortinet 20151029
Jiangmin 20151028
McAfee-GW-Edition 20151029
Microsoft 20151029
NANO-Antivirus 20151029
Panda 20151028
Qihoo-360 20151029
Rising 20151028
SUPERAntiSpyware 20151028
Symantec 20151028
Tencent 20151029
TheHacker 20151028
TrendMicro 20151029
TrendMicro-HouseCall 20151029
VBA32 20151028
VIPRE 20151029
ViRobot 20151029
Zillya 20151029
Zoner 20151029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name WEXTRACT.EXE
Internal name Wextract
File version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description Win32 Cabinet Self-Extractor
Packers identified
F-PROT SFX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 06:01:37
Entry Point 0x0000645C
Number of sections 3
PE sections
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
AdjustTokenPrivileges
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
GetDeviceCaps
GetLastError
GetSystemTimeAsFileTime
DosDateTimeToFileTime
ReadFile
GetStartupInfoA
GetSystemInfo
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
LoadLibraryA
GetExitCodeProcess
QueryPerformanceCounter
MulDiv
ExitProcess
SetFileTime
GetVersionExA
GlobalUnlock
GetModuleFileNameA
IsDBCSLeadByte
GetShortPathNameA
FreeLibrary
GetCurrentProcess
GetVolumeInformationA
LoadLibraryExA
SizeofResource
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
lstrcatA
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
_llseek
GetCommandLineA
GlobalLock
EnumResourceLanguagesA
TerminateThread
GetTempPathA
CreateMutexA
GetModuleHandleA
_lclose
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
FindFirstFileA
GetCurrentProcessId
CreateEventA
lstrcpyA
_lopen
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
FreeResource
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
TerminateProcess
CreateProcessA
RemoveDirectoryA
SetUnhandledExceptionFilter
LockResource
LoadResource
WriteFile
GlobalAlloc
LocalFileTimeToFileTime
FindClose
FormatMessageA
GetTickCount
CreateFileA
GetDriveTypeA
GetCurrentThreadId
GetProcAddress
SetCurrentDirectoryA
ResetEvent
CharPrevA
EndDialog
ShowWindow
MessageBeep
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
CharUpperA
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SendMessageA
GetDlgItem
wsprintfA
LoadStringA
CharNextA
GetDesktopWindow
CallWindowProcA
MsgWaitForMultipleObjects
SetForegroundWindow
ExitWindowsEx
DialogBoxIndirectParamA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_RCDATA 14
RT_DIALOG 6
RT_ICON 6
RT_STRING 6
RT_GROUP_ICON 2
AVI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 31
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 6.0.2900.2180
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 416768
EntryPoint 0x645c
OriginalFileName WEXTRACT.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
TimeStamp 2004:08:04 07:01:37+01:00
FileType Win32 EXE
PEType PE32
InternalName Wextract
ProductVersion 6.00.2900.2180
FileDescription Win32 Cabinet Self-Extractor
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 39424
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.0.2900.2180
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 25a322b9ea5c709c4376bf58527f198a
SHA1 48e9a26641a6489fb87550e8d6eb578afa17fb44
SHA256 9fd03451e18b8c33caca6d89aee260886e2b6a2e77f2d6af9d6981389e7822e3
ssdeep 6144:Ijbei0UDfpqojHI34EEp4THDBzscG7omAQLGtsL9pJWMOAB7ia7Y2owY:IuuLprURTTicFmAptsL9vWMOUia7Y2U
authentihash 0836c31a1a70eb9815e7d054be97ff7548e28b628bc95f50f4f37e76421c74f4
imphash 0ebb3c09b06b1666d307952e824c8697
File size 446.5 KB ( 457216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 MS Cabinet Self-Extractor (WExtract stub) (80.4%)
Win32 Executable MS Visual C++ (generic) (8.2%)
Win64 Executable (generic) (7.3%)
Win32 Dynamic Link Library (generic) (1.7%)
Win32 Executable (generic) (1.1%)
Tags peexe
VirusTotal metadata
First submission 2015-10-29 08:33:58 UTC ( 1 year, 6 months ago )
Last submission 2015-11-03 07:39:42 UTC ( 1 year, 6 months ago )
File names mau virus so (27).bin
Wextract
WEXTRACT.EXE
SCANNED DOCS,jpg.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.